Moving this blog CI to Snap-CI

This week I've moved the build of this blog to Snap-CI, if you read it before I used to build on ThoughtWorks Go but this required maintain my own infra-structure just to build this blog. In the process of moving to Snap-CI I had to do some small changes so here is my notes.

Melting the snowflake

All changes I had to do were due my previous build system being a snowflake . Three things had to be addressed: the deployment, Pygments and Checklink. All three were pre-configured on the machine, moving to an ephemeral machine these had to be fixed.


All deployment is pretty much ssh based, since this blog is a static website I just need to copy a tar.gz file to the server, which is authenticated by key exchange. But the question remains "where can I store the key?" Uploading it to the repository sounds like a bad idea, anyone with access to the repository could use the key, still it has to go somewhere. So I decided encrypt the key and check the encrypted file. To decrypt one needs a pass phrase which is configured by a environment variable. Access to the repository doesn't mean access to the server.

After the key decryption configured I turned off the host key fingerprint check. At this point I could encrypt a host key file but it is more tailored for client security and middle-man attack so I disabled. Here is a snippet of the rake task which deploys the blog archive:

desc "Send package to deployment server"
task :send_pkg, [:lang] do |t, args|
  PrivateKey.with_pk do |blogpk|
    run_or_show "scp -i #{blogpk} -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' " \
      " -v  #{MyConfig.archive_dir}/#{MyConfig.package args[:lang]} #{MyConfig.archive_ssh}:tmp/"

To highlight code I use Pygments, in order to make sure it is available I had to install it if necessary, fortunately easy_install has a --user flag which allows you to do a non root install. To make it available to jekyll I added the install location to PATH.

desc "Check if pygments is installed"
task :pygments_is_installed do
  if Build.snap_ci?
    run_or_show "easy_install --user -s bin/ Pygments"
    ENV['PATH'] = "#{ENV['PATH']}:#{ENV['HOME']}/.local/bin/"
  run_or_show 'pygmentize -V'

Finally checklink which is a Perl script. Contrary to Pygments, checklink has dependencies, installing during build sounded like too much so I decided to add the whole thing to the repository, which in turn wasn't so trivial. You got to know a little bit Perl to not get lost in the process, which in my case was using local::lib and some CPAN shell gymnastics.

The catch was some modules like Time::HiRes are architecture dependent. Enter Vagrant, Snap-CI runs CentOS 6.4 OS, so I compiled the architecture dependent modules on Vagrant and installed them on the repository too.

Rise the Phenix build

After these three changes the build is pretty much self contained now. In theory it runs in any Linux/Unix base system (as long it has Python, Perl and Ruby installed), alright not so generic, but good enough IMO. With few dependencies which get setup at build time now it's possible to easily configure and set this blog build on Snap-CI.

Published in Jan 05, 2014